Ask HN: Why is Youtube not https strict?
You can access http and https on Youtube. Youtube can handles millions of users, so the argument "encryption" takes time doesn't seem legitimate. Or is it? Maybe not... since youtube serves videos, not text.
I don't think engineers would make that kind of mistake leaving http on. There must be a good reason, right?
Any thoughts on this?
6 comments
[ 3.7 ms ] story [ 22.7 ms ] threadAdditionally, on Google you could be searching for confidential things you do not want intercepted, YouTube is more social and public, therefore it is not as high priority.
If you want to enforce HTTPS on sites, use an HTTPS everywhere plugin, https://chrome.google.com/webstore/detail/https-everywhere/g... https://addons.mozilla.org/en-US/firefox/addon/https-finder/...
Hence when google.com is forced over SSL when you're logged in, but not forced over SSL otherwise.
Personally I'm in the camp that thinks the Internet would be a lot more secure and free if all traffic was always encrypted. But the business reasons for not using encryption when it's not explicitly required, are fairly obvious.